Microsoft Will Disable WannaCry Attack Vector SMBv1 Starting This Fall

An anonymous reader writes: Starting this fall, with the public launch of the next major Windows 10 update — codenamed Redstone 3 — Microsoft plans to disable SMBv1 in most versions of the Windows operating systems. SMBv1 is a three-decades-old file sharing protocol that Microsoft has continued to ship “enabled by default” with all Windows OS versions. The protocol got a lot of attention recently as it was the main infection vector for the WannaCry ransomware. Microsoft officially confirmed Tuesday that it will not ship SMBv1 with the Fall Creators Update. This change will affect only users performing clean installs, and will not be shipped as an update. This means Microsoft decision will not affect existing Windows installations, where SMBv1 might be part of a critical system. Read more of this story at Slashdot.

More:
Microsoft Will Disable WannaCry Attack Vector SMBv1 Starting This Fall

You Can Hack Some Mazda Cars With a USB Flash Drive

An anonymous reader writes: “Mazda cars with next-gen Mazda MZD Connect infotainment systems can be hacked just by plugging in a USB flash drive into their dashboard, thanks to a series of bugs that have been known for at least three years, ” reports Bleeping Computer. “The issues have been discovered and explored by the users of the Mazda3Revolution forum back in May 2014. Since then, the Mazda car owner community has been using these ‘hacks’ to customize their cars’ infotainment system to tweak settings and install new apps. One of the most well-designed tools is MZD-AIO-TI (MZD All In One Tweaks Installer).” Recently, a security researcher working for Bugcrowd has put together a GitHub repository that automates the exploitation of these bugs. The researcher says an attacker can copy the code of his GitHub repo on a USB flash drive, add malicious scripts and carry out attacks on Mazda cars. Mazda said the issues can’t be exploited to break out of the infotainment system to other car components, but researchers disagreed with the company on Twitter. In the meantime, the car maker has finally plugged the bugs via a firmware update released two weeks ago. Read more of this story at Slashdot.

See the original article here:
You Can Hack Some Mazda Cars With a USB Flash Drive

Amazon is buying Whole Foods for $13.7 billion

In a surprising turn of events, Amazon and Whole Foods Market announced this morning that they are merging; Amazon will acquire the high-end organic food company for approximately $13.7 billion cash. Whole Foods is retaining its CEO, cofounder John Mackey, and they will continue to operate their stores independently. The company’s headquarters will remain in Austin, Texas. Developing… Source: Business Wire

View the original here:
Amazon is buying Whole Foods for $13.7 billion

Team Collaboration App Slack, Valued at $9 Billion, Draws Attention of Amazon

Amazon is in the running among a handful of companies looking to acquire the popular chatroom startup, reports Bloomberg. From the article: San Francisco-based Slack could be valued at at least $9 billion in a sale, the people said. An agreement isn’t assured and discussions may not go further, said the people. Buying Slack would help Seattle-based Amazon bolster its enterprise services as it seeks to compete with rivals like Microsoft and Alphabet’s Google. The company’s cloud-hosting unit, Amazon Web Services, in February unveiled a paid-for video and audio conferencing service — Amazon Chime — that lets users chat and share content. Kara Swisher, reporting for Recode: Slack, the popular business communications company, is in the midst of raising $500 million at a $5 billion post-money valuation, an effort that has attracted several potential buyers interested in taking out the company ahead of the funding. Those include Amazon, Microsoft, Google and Salesforce, several of which have previously shown interest in acquiring Slack. Bloomberg reported the interest by Amazon today, with a $9 billion sales price. Read more of this story at Slashdot.

Continue reading here:
Team Collaboration App Slack, Valued at $9 Billion, Draws Attention of Amazon

Man faces three years in prison for sharing Deadpool on Facebook

Enlarge (credit: 20th Century Fox ) A California man who shared a copy of the movie Deadpool on Facebook has been arrested and charged with criminal copyright infringement. If convicted, he faces a penalty of up to three years in prison. Trevon Maurice Franklin, 21, of Fresno, California, allegedly uploaded the movie to his Facebook page eight days after its US theatrical release in February 2016. Franklin went by the name “Tre-Von M. King” on Facebook. Franklin was arrested on Tuesday morning and brought to US District Court in Fresno. The court docket indicates he was brought into court in leg shackles. Franklin was advised of his rights and the charges, and he pleaded not guilty. He was assigned a federal public defender as an attorney and has a subsequent court appearance on June 27 in Los Angeles. Read 3 remaining paragraphs | Comments

See more here:
Man faces three years in prison for sharing Deadpool on Facebook

In dying, blood-starved heart, bacteria injections offer cellular life support

Enlarge / False-colored scanning electron micrograph of multiple S. elongatus cyanobacteria (green) with a single rat heart muscle cell (red). (credit: Cohen et al. ) For the faint of heart, a microbial flash mob might just do the trick. A direct injection of photosynthetic bacteria—plus a little light— provided cellular life-support to the weak, blood-starved hearts of rats suffering simulated heart attacks. The bacterial jolt supplied much-needed oxygen to the gasping tissue and prevented long-term damage, Stanford researchers report this week in Science Advances . In fact, after a short recovery period the treated rodents had a 30-percent boost in heart function compared with control animals. “In humans, an increase of this magnitude would have profound clinical implications, likely representing the difference between a healthy patient and one suffering from heart failure,” the authors conclude. They’re hopeful that one day the microbial menders could be used to help human heart attack patients and those undergoing heart surgery or heart transplants. There are some tall hurdles to get to those goals, the authors admit, but the results so far show promise. Read 10 remaining paragraphs | Comments

Continued here:
In dying, blood-starved heart, bacteria injections offer cellular life support

Practical Architect Uses Design/Build Skills to Erect Beautiful Family Home for $180,000 Less Than Quoted Price

This is well worth the watch. Houston-based architect Zui Ng used a host of brilliant principles, intelligent design choices and practical money-saving techniques to build a home for himself and his family. From ensuring that he is “a good neighbor, ” architecturally speaking, to creating extra living space that’s non-taxable, to knocking $180, 000 off of the cost by subcontracting himself, Ng has thought of everything for this “Chameleon Shotgun house.” Watch and learn:

See more here:
Practical Architect Uses Design/Build Skills to Erect Beautiful Family Home for $180,000 Less Than Quoted Price

NSA Links WannaCry To North Korea

An anonymous reader quotes a report from The Washington Post: The National Security Agency has linked the North Korean government to the creation of the WannaCry computer worm that affected more than 300, 000 people in some 150 countries last month, according to U.S. intelligence officials. The assessment, which was issued internally last week and has not been made public, is based on an analysis of tactics, techniques and targets that point with “moderate confidence” to North Korea’s spy agency, the Reconnaissance General Bureau, according to an individual familiar with the report. The assessment states that “cyber actors” suspected to be “sponsored by” the RGB were behind two versions of WannaCry, a worm that was built around an NSA hacking tool that had been obtained and posted online last year by an anonymous group calling itself the Shadow Brokers. Though the assessment is not conclusive, the preponderance of the evidence points to Pyongyang. It includes the range of computer Internet protocol addresses in China historically used by the RGB, and the assessment is consistent with intelligence gathered recently by other Western spy agencies. It states that the hackers behind WannaCry are also called “the Lazarus Group, ” a name used by private-sector researchers. Read more of this story at Slashdot.

Visit link:
NSA Links WannaCry To North Korea

Fileless malware attack against US restaurants went undetected by most AV

Enlarge (credit: Carol Von Canon ) Researchers have detected a brazen attack on restaurants across the United States that uses a relatively new technique to keep its malware undetected by virtually all antivirus products on the market. Malicious code used in so-called fileless attacks resides almost entirely in computer memory, a feat that prevents it from leaving the kinds of traces that are spotted by traditional antivirus scanners. Once the sole province of state-sponsored spies casing the highest value targets , the in-memory techniques are becoming increasingly common in financially motivated hack attacks . They typically make use of commonly used administrative tools such as PowerShell, Metasploit, and Mimikatz, which feed a series of malicious commands to targeted computers. FIN7, an established hacking group with ties to the Carbanak Gang , is among the converts to this new technique, researchers from security firm Morphisec reported in a recently published blog post . The dynamic link library file it’s using to infect Windows computers in an ongoing attack on US restaurants would normally be detected by just about any AV program if the file was written to a hard drive. But because the file contents are piped into computer memory using PowerShell, it wasn’t visible to any of the 56 most widely used AV programs, according to a Virus Total query conducted earlier this month. Read 6 remaining paragraphs | Comments

Link:
Fileless malware attack against US restaurants went undetected by most AV

Samsung Left Millions Vulnerable To Hackers Because It Forgot To Renew a Domain

An anonymous reader writes: Samsung cellphones used to have a stock app called S Suggest. The company apparently discontinued the app recently, and then forgot to renew a domain that was used to control it. This snafu left millions of smartphone users vulnerable to hackers who could’ve registered the domain and installed malicious apps on the phones. Read more of this story at Slashdot.

Originally posted here:
Samsung Left Millions Vulnerable To Hackers Because It Forgot To Renew a Domain